According to a blog post from Facebook, the social network has once again transferred user data to other companies in contravention of the company's own data protection terms. Specifically, around 5,000 developers received user data. Facebook has an automatic block that is supposed to take effect if users have not opened an app for three months. It has now been revealed that this function did not work correctly, so app developers could still access data even for inactive users.
The operators of the apps that users logged into via their Facebook account were thus able to read information such as date of birth, email, place of residence and friend lists. In response to the Cambridge Analytica scandal, which affected millions of users, this access was supposed to be significantly restricted.
Barely any information from Facebook
In the blog post, the company writes that the data breach could be triggered, for example, “if someone used a fitness app to invite friends over for a workout.” In this case, the social network did not notice that some friends had not used the app for months and therefore did not terminate the data access.
Facebook did not disclose how many users are affected by the company’s renewed data breach. According to the social network, the bug has at least been fixed in the meantime. According to the blog post, there are currently no indications that third parties have misused the acquired data.
New guidelines for app developers
In response to the bug, Facebook has significantly revised its guidelines for app developers. These are now meant to be easier to understand and to make clear to developers their high level of responsibility for the use and security of the transferred data. In addition, the transfer of user data from the network to third parties has again been restricted.